Ethereal-users: [Ethereal-users] Re: RTCP malformed frame
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Michael Oliveras <moliveras@xxxxxxxxxxxxx>
Date: Tue, 11 Jan 2005 22:48:41 -0500 (GMT-05:00)
I opened up the RTCP packet with ethereal 0.9.11 and the original h323 plugin, and it is able to decode the packet correctly. It seems that the RTCP packet has a Sender report followed by a Source Descriptoin in the same packet, which seems to be the same issue another user had reported. I included a decode of the RTCP packet with both versions of ethereal if anyone cares to take a look. Regards, Mike -----Original Message----- From: Michael Oliveras <moliveras@xxxxxxxxxxxxx> Sent: Jan 8, 2005 11:39 AM To: ethereal-users@xxxxxxxxxxxx Subject: RTCP malformed frame All of the RTCP frames from a particular vendor are decoded as ethereal as malformed. Can someone take a look and see if there is a dissection bug? I included a sample. Thanks, Mike
Frame 1 (126 bytes on wire, 126 bytes captured)
Arrival Time: Jan 7, 2005 11:02:44.560240000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 0.000000000 seconds
Frame Number: 1
Packet Length: 126 bytes
Capture Length: 126 bytes
Ethernet II, Src: 00:d0:ff:90:98:00, Dst: 00:07:e9:0c:91:52
Destination: 00:07:e9:0c:91:52 (Intel_0c:91:52)
Source: 00:d0:ff:90:98:00 (Cisco_90:98:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 209.58.84.226 (209.58.84.226), Dst Addr: 209.58.84.42 (209.58.84.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x7230
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xbdcb (correct)
Source: 209.58.84.226 (209.58.84.226)
Destination: 209.58.84.42 (209.58.84.42)
User Datagram Protocol, Src Port: 7839 (7839), Dst Port: 60823 (60823)
Source port: 7839 (7839)
Destination port: 60823 (60823)
Length: 92
Checksum: 0x0000 (none)
Real-time Transport Control Protocol
Version: RFC 1889 Version (2)
Padding: False
Reception report count: 1
Packet type: Sender Report (200)
Length: 12
Sender SSRC: 0
Timestamp, MSW: 3314101148
Timestamp, LSW: 3256352768
RTP timestamp: 11040
Sender's packet count: 0
Sender's octet count: 0
Source 1
Identifier: 234312949
SSRC contents
Fraction lost: 0 / 256
Cumulative number of packets lost: 0
Extended highest sequence number received: 18267
Sequence number cycles count: 0
Highest sequence number received: 18267
Interarrival jitter: 11
Last SR timestamp: 824463097
Delay since last SR timestamp: 17039
Real-time Transport Control Protocol
Version: RFC 1889 Version (2)
Padding: False
Source count: 1
Packet type: Source description (202)
Length: 7
Chunk 1, SSRC/CSRC 0
Identifier: 0
SDES items
Type: CNAME (user and domain) (1)
Length: 19
Text: e00a9@209.58.84.226
0000 00 07 e9 0c 91 52 00 d0 ff 90 98 00 08 00 45 00 .....R........E.
0010 00 70 72 30 00 00 3f 11 bd cb d1 3a 54 e2 d1 3a .pr0..?....:T..:
0020 54 2a 1e 9f ed 97 00 5c 00 00 81 c8 00 0c 00 00 T*.....\........
0030 00 00 c5 89 2b 9c c2 18 00 00 00 00 2b 20 00 00 ....+.......+ ..
0040 00 00 00 00 00 00 0d f7 54 f5 00 00 00 00 00 00 ........T.......
0050 47 5b 00 00 00 0b 31 24 4e f9 00 00 42 8f 81 ca G[....1$N...B...
0060 00 07 00 00 00 00 01 13 65 30 30 61 39 40 32 30 ........e00a9@20
0070 39 2e 35 38 2e 38 34 2e 32 32 36 00 00 00 9.58.84.226...
No. Time Source Destination Protocol Info
1 0.000000 209.58.84.226 209.58.84.42 RTCP Sender Report[Malformed Packet]
Frame 1 (126 bytes on wire, 126 bytes captured)
Arrival Time: Jan 7, 2005 11:02:44.560240000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 126 bytes
Capture Length: 126 bytes
Ethernet II, Src: 00:d0:ff:90:98:00, Dst: 00:07:e9:0c:91:52
Destination: 00:07:e9:0c:91:52 (Intel_0c:91:52)
Source: 00:d0:ff:90:98:00 (Cisco_90:98:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 209.58.84.226 (209.58.84.226), Dst Addr: 209.58.84.42 (209.58.84.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x7230 (29232)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xbdcb (correct)
Source: 209.58.84.226 (209.58.84.226)
Destination: 209.58.84.42 (209.58.84.42)
User Datagram Protocol, Src Port: 7839 (7839), Dst Port: 60823 (60823)
Source port: 7839 (7839)
Destination port: 60823 (60823)
Length: 92
Checksum: 0x0000 (none)
Real-time Transport Control Protocol
10.. .... = Version: RFC 1889 Version (2)
..0. .... = Padding: False
...0 0001 = Reception report count: 1
Packet type: Sender Report (200)
Length: 12
Sender SSRC: 0
Timestamp, MSW: 3314101148
Timestamp, LSW: 3256352768
RTP timestamp: 11040
Sender's packet count: 0
Sender's octet count: 0
Source 1
Identifier: 234312949
SSRC contents
Fraction lost: 0 / 256
Cumulative number of packets lost: 0
Extended highest sequence number received: 18267
Sequence number cycles count: 0
Highest sequence number received: 18267
Interarrival jitter: 11
Last SR timestamp: 824463097
Delay since last SR timestamp: 17039
Real-time Transport Control Protocol
10.. .... = Version: RFC 1889 Version (2)
..0. .... = Padding: False
...0 0001 = Source count: 1
Packet type: Source description (202)
Length: 7
Padding
Chunk 1, SSRC/CSRC 18048304
Identifier: 18048304
SDES items
Type: Unknown (48)
Length: 97
[Malformed Packet: RTCP]
0000 00 07 e9 0c 91 52 00 d0 ff 90 98 00 08 00 45 00 .....R........E.
0010 00 70 72 30 00 00 3f 11 bd cb d1 3a 54 e2 d1 3a .pr0..?....:T..:
0020 54 2a 1e 9f ed 97 00 5c 00 00 81 c8 00 0c 00 00 T*.....\........
0030 00 00 c5 89 2b 9c c2 18 00 00 00 00 2b 20 00 00 ....+.......+ ..
0040 00 00 00 00 00 00 0d f7 54 f5 00 00 00 00 00 00 ........T.......
0050 47 5b 00 00 00 0b 31 24 4e f9 00 00 42 8f 81 ca G[....1$N...B...
0060 00 07 00 00 00 00 01 13 65 30 30 61 39 40 32 30 ........e00a9@20
0070 39 2e 35 38 2e 38 34 2e 32 32 36 00 00 00 9.58.84.226...
- Follow-Ups:
- [Ethereal-users] UNIX timestamp
- From: Miklos Szurdi
- Re: [Ethereal-users] Re: RTCP malformed frame
- From: Guy Harris
- [Ethereal-users] UNIX timestamp
- Prev by Date: Re: [Ethereal-users] MSVCRT.dll
- Next by Date: Re: [Ethereal-users] Decoding of new NAI sniffer timestamps.
- Previous by thread: Re: [Ethereal-users] question about how to get http.hostname
- Next by thread: [Ethereal-users] UNIX timestamp
- Index(es):
